Infosec Weekly Round-up August 19 – 26, 2012

First up for this week is an article about the new operating system by Microsoft windows 8 which includes new protection that prevent writing in the HOSTS file, this file is used by malware editor to prevent windows OS update:

“While you can still add any host you want to the hosts file and map it to an IP, you will notice that some of the mappings will get reset once you open an Internet browser. If you only save, close and re-open the hosts file you will still see the new mappings in the file, but once you open a web browser, some of them are removed automatically from the hosts file.”

Researchers presented at the USENIX Workshop on Offensive Technologies in Bellevue, Washington new malware that is hard to detect with usual security software. The malware design is modular and when installed o victim computers it will work with gadgets.

“Victor Frankenstein stitched together the body parts of ordinary individuals and created a monster. Now computer scientists have done the same with software, demonstrating the potential for hard-to-detect viruses that are stitched together from benign code pilfered from ordinary programs.”

Trojan Crisis (Morcut), a malware that was discovered last month. Is now working on virtual machines according to Symantec study, the malware is obsorved on 21 hosts in the cyberspace which mean that it targets a special users:

”Finally, Crisis malware has functionality to spread to four different environments: Mac, Windows, virtual machines, and Windows Mobile. It is an advanced threat not only in function, but also in the way it spreads.”

Apple released a new version for the Apple Remote Desktop, which comes to fix a serious vulnerability CVE-2012-0681 with the wrong data encryption when connecting to an external VNC-server. In fact, when the user selects the option “Encrypt all network data”, a secure connection is not really installed, all data is transmitted in plain text, and the user is not notified of this.

TrustWave SpiderLabs researchers published a blog post about a hint password feature in windows 8 where they are located in the “UserPasswordHint” key and if you’re running with SYSTEM access, you can read this key easily.

“Although this stuff looked a bit unreadable on the surface we can now see that it can clearly be decoded and could be used by tools that extract information from the SAM. This seems like it would be very helpful for penetration testers by giving them more insight into what the user’s password might be, so I decided to take it one step further.”